Skip to content

Instantly share code, notes, and snippets.

@SomajitDey

SomajitDey/squid_setup_ubuntu_server_win10_client.md

Created March 11, 2022 12:18
Show Gist options
  • Save SomajitDey/eb3020eca7cec0cc45ea33199c52681c to your computer and use it in GitHub Desktop.
Save SomajitDey/eb3020eca7cec0cc45ea33199c52681c to your computer and use it in GitHub Desktop.
Download ZIP
Setting up a web proxy server (Squid) on Ubuntu-20.04
Raw
squid_setup_ubuntu_server_win10_client.md

Ref:

  1. https://www.digitalocean.com/community/tutorials/how-to-set-up-squid-proxy-on-ubuntu-20-04
  2. https://answers.microsoft.com/en-us/windows/forum/all/adding-credentials-to-windows-proxy-settings/d6fdab82-6163-4aad-8133-43f7706ceb9c#:~:text=Setting%20up%20the%20credentials%20for,user%20name%20and%20the%20password.

Server setup

  • sudo apt update
  • sudo apt install squid
  • Squid should automatically start running. Check with : systemctl status squid.service
  • Now edit config : /etc/squid/squid.conf as described below Recommended: Backup config file before editing : sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.orig
  • Finally restart the squid service : sudo systemctl restart squid.service - this takes some time to complete

How to edit config file

+ means add this line; - means remove

To allow all clients, i.e. 0.0.0.0 with no authentication required

- http_access deny all
+ http_access accept all

Test with cURL

curl -v -x http://localhost:3128 https://google.com

Client setup (Windows 10)

  • Go to Proxy settings (search for the damn thing at Win+s)
  • Manual Proxy Setup
  • Turn on Use a proxy server
  • Address is IP (127.0.0.1 in case some local port is forwarded to port 3128 at the remote proxy-server that does not have a public IP, using say tunnel or ipns-link)
  • Port is port number (the forwarded local port in case port forwarding is on, see above)
  • Save

If you want basic (i.e. user:passwd) authentication

@ Server

Generating credentials

  • sudo apt install apache2-utils
  • sudo htpasswd -c /etc/squid/passwords <your_squid_username> You’ll be prompted to add a password. This will store your username along with a hash of your new password in /etc/squid/passwords.

@ squid config

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM CLIENTS
#
include /etc/squid/conf.d/*
+ auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/passwords
+ auth_param basic realm proxy
+ acl authenticated proxy_auth REQUIRED
# Example rule allowing access from your local networks.
+ acl localnet src <your_ip_address> ## Do this only if the server has public IP
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost ## Serves well when server is exposed using tunnel or ipns-link or ngrok etc.
+ http_access allow authenticated
# And finally deny all other access to this proxy
http_access deny all
+

Don't forget to restart the squid service after config change.

Test with cURL

curl -v -x http://<squid_user_name>:<squid_password>@localhost:3128 https://google.com

@ Windows client - How to add the credentials.

In Windows 10 menu, go to Settings (WinKey+I) and search for "Credential Manager". Under Windows Credentials, add a new entry for Windows Credentials. Enter the Proxy Server address (without the port number), your domain user name and the password.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment